Switch System Flaws: Difference between revisions
this isn't that hard, gdi |
formmatting |
||
| Line 35: | Line 35: | ||
|- | |- | ||
| Security Engine keyslots vulnerable to partial overwrite attack | | Security Engine keyslots vulnerable to partial overwrite attack | ||
| The Tegra X1 security engine supports writing keyslot data to the engine with syntax as follows: SECURITY_ENGINE->AES_KEYTABLE_ADDR = (keyslot << 24) | (dword_index_in_keyslot); SECURITY_ENGINE->AES_KEYTABLE_DATA = readle32(key, dword_index_in_keyslot * 4); | | | ||
The Tegra X1 security engine supports writing keyslot data to the engine with syntax as follows: | |||
SECURITY_ENGINE->AES_KEYTABLE_ADDR = (keyslot << 24) | (dword_index_in_keyslot); | |||
SECURITY_ENGINE->AES_KEYTABLE_DATA = readle32(key, dword_index_in_keyslot * 4); | |||
However, the Security Engine flushes writes to the internal key tables immediately when AES_KEYTABLE_DATA is written -- this allows one to overwrite a single dword of a key at a time, and thus brute force the contents of keyslots in time (2^32 * 8) = 2^35 instead of 2^256. | However, the Security Engine flushes writes to the internal key tables immediately when AES_KEYTABLE_DATA is written -- this allows one to overwrite a single dword of a key at a time, and thus brute force the contents of keyslots in time (2^32 * 8) = 2^35 instead of 2^256. | ||